<?php
/**
 * <https://y.st./>
 * Copyright © 2019 Alex Yst <mailto:copyright@y.st>
 * 
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * 
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org./licenses/>.
**/

$xhtml = array(
	'<{title}>' => 'The wait is over',
	'takedown' => '2017-11-01',
	'<{body}>' => <<<END
<img src="/img/CC_BY-SA_4.0/y.st./weblog/2019/04/15.jpg" alt="City streets" class="framed-centred-image" width="800" height="480"/>
<section id="dreams">
	<h2>Drudgery</h2>
	<p>
		I dreamed I was sunning through this long hall with two other people.
		We had ping pong paddles, and were hitting something forward and to one another as we ran.
		I&apos;m not sure why, and I don&apos;t recall what we were hitting.
	</p>
</section>
<section id="drudgery">
	<h2>Drudgery</h2>
	<p>
		I ended up not getting much of the reading assignment completed today.
		That said, it was mostly because I got hung up on this one part that was highly relevant to one of the learning journal assignments for the week.
		I ended up writing most of that learning journal entry instead.
		A bit later, I came across much of the information I needed for the unit assignment in the same course, so I started working on that as well, further slowing down the reading.
	</p>
	<p>
		The textbook introduces us to how to represent entity-relationship models graphically.
		I&apos;m pretty sure I worked with these models in another course, and I&apos;m pretty sure we represented them radically differently.
		I&apos;m not sure which method is correct, I don&apos;t recall the old method exactly, and it just makes sense to use the method presented by the course&apos;s materials to complete the assignments of the same course.
		So that&apos;s what I&apos;ll be doing, I suppose.
		But this method seems way off.
		The diagrams it produces aren&apos;t intuitive to read.
	</p>
	<p>
		My discussion post for the day
	</p>
	<blockquote>
		<p>
			I like how you bring up security in the three-tier example.
			Three-tier set-ups allow restrictions to be placed on who can access and update what parts of the data.
			The database tier handles only the database, so if the client tier is the only other tier, no restrictions can be made.
			I mean, they could be made in the client application, but because the client application exists on the client side, which isn&apos;t inherently trustworthy, the user could modify the client application, or even hire someone to modify it for them.
			In other words, restrictions made in the client layer cannot be depended upon to actually exist.
		</p>
		<p>
			You mention that the two-tier setup isn&apos;t necessarily unsecure.
			This really depends on your use case though.
			If you are the client <strong>*and*</strong> the server (you&apos;ve got two machines, potentially very distant from one another), you can secure the system by using a combination of encryption and authentication.
			Thus, the two-tier setup can be secure.
			However, this doesn&apos;t work when you&apos;re dealing with other people.
			As soon as untrusted people have access to the system by having a copy of the client layer and the things needed to connect to the database layer, it&apos;s no longer possible to secure the two-tier setup.
		</p>
		<p>
			You make an interesting point that the two-tier setup is easier to maintain.
			I hadn&apos;t thought about that myself.
			I think in cases of large numbers of users, it&apos;d be harder to maintain because the client-tier application would need to be updated on each and every client machine, as opposed to just updating the single application-tier application in the the three-tier model.
			However, with a small number of clients, that&apos;s not the case.
			You still need to update on all clients, but the reduced complexity of the two-tier approach is able to make up for it when there are significantly fewer client machines to update.
		</p>
	</blockquote>
</section>
<section id="cheque">
	<h2>Replacement pay cheque</h2>
	<p>
		The head manager gave me my replacement pay cheque today.
		Sweet.
		Now I can stop worrying about that.
		This is just in time, too.
		I lost my cheque on a Tuesday, and that&apos;s no coincidence.
		I have errands near the credit union on Tuesdays, so I wait to deposit my cheque until then.
		And tomorrow will be Tuesday again.
		Had they gotten the cheque to me even as late as tomorrow, it&apos;d be a full second week until it got deposited.
		(By the time I get off work, the credit union is closed.)
	</p>
</section>
<section id="mobile">
	<h2>&quot;Show us your mobile.&quot;</h2>
	<p>
		Apparently, we got scammed today.
		Someone claimed to be here to pick up a specific order that was placed and paid for online.
		They even knew the name on the order ticket.
		Later, someone else came also requesting that same order.
		I guess the head manager thinks the second person was the real one.
		They also think they were in cahoots with the first person though, and that the goal was to get double the food for the same price.
		That seems likely.
		We couldn&apos;t prove it though, so we had to remake the order and give it to the second person.
		So the head manager came up with a plan: anyone coming in with an order placed online will have to show us the order on their mobile.
	</p>
	<p>
		Yeah.
		That&apos;s not going to go wrong or anything.
		The orders that come through the Internet can be placed via a mobile application, which is what the boss was thinking of as the only use case.
		However, we also have a website that allows customers to place orders.
		People placing the order on the Web aren&apos;t going to have the order on their mobiles.
		I brought that up immediately, and the boss just sort of walked away without saying anything.
		I thought they were just blowing off my concern at first.
	</p>
	<p>
		A bit later, they changed the plan.
		Their excuse was that customers might not have their mobile on them when they come in.
		It seemed more like an excuse to fix the broken plan than anything though.
		I mean, most people with mobiles seem to drag them everywhere.
		I know I do mine, when it&apos;s not on the fritz.
		The issue isn&apos;t people not bringing their mobiles.
		Some people using the website might not even <strong>*have*</strong> a mobile.
		And some people with mobiles might be too intelligent to install our likely spyware-laden mobile application and ordered through the website.
		If they order through the website from home, it could very well be more convenient to use their desktop computers with full keyboards rather than the using their tiny mobile devices with miniscule touch screen keyboards.
		Even if they have mobiles and drag them everywhere they go, it doesn&apos;t mean they placed their orders using their mobiles.
	</p>
	<p>
		So anyway, that problem&apos;s been averted.
		Instead, we&apos;re just to ask customers picking up the orders to recite what&apos;s in the order.
		If they know not only the name on the order but also what was ordered, it&apos;s much harder for the second person to claim the one picking up the order was a fraud.
		The person that picked up the order simply must have ties to the placer of the order, without question.
	</p>
</section>
END
);
